Know your customer. The very short review of European regulations

I. Introduction

I will try here to give a short overview of the main European regulations concerning the principles of "KYC" as briefly as possible.

At the European level the first measures concerning anti-money laundering were introduced by EU Directive EU 91/308 /EWG. At present time the KYC doctrine is governed inter alia both by EU Directive 2015/849 of 20 May 2015 and by EU Directive 2018/843 of 30 May 2018. The last one has been adopted, amongst other things, in the aftermath of the so-called "Panama Papers".

The KYC rules provide a mandatory list of minimum requirements for clients from high-risk third countries: these due diligence measures include obtaining additional information: on the customer and on the beneficial owner; on the intended nature of the business relationship; on the source of funds and source of wealth of the customer as well as of the beneficial owner, on the reasons for transactions.

The content of EU Directive 2018/843 is broadly based on EU Directive 2015/849, but with selective tightening of some rules of anti-money laundering. These amendments were introduced to:

• enhance transparency by setting up publicly available registers for companies, trusts and other legal arrangements;
• enhance the powers of EU Financial Intelligence Units, and provide them with access to broad information for the carrying out of their tasks;
• limit the anonymity related to virtual currencies and wallet providers, but also for pre-paid cards;
• broaden the criteria for the assessment of high-risk third countries and improve the safeguards for financial transactions to and from such countries;
• set up central bank account registries or retrieval systems in all Member States;
• improve the cooperation and enhance of information between anti-money laundering supervisors between them and between them and prudential supervisors and the European Central Bank.

II. Whom it concerns?

Directive (EU) 2015/849 shall apply now (on the entry of EU Directive 2018/843 into force) to the following obliged entities:

1. credit institutions;

2. financial institutions;

3. the following natural or legal persons acting in the exercise of their professional activities:

(a)auditors, external accountants and tax advisors, and any other person that undertakes to provide, directly or by means of other persons to which that other person is related, material aid, assistance or advice on tax matters as principal business or professional activity;

(b) notaries and other independent legal professionals, where they participate, whether by acting on behalf of and for their client in any financial or real estate transaction, or by assisting in the planning or carrying out of transactions for their client concerning the:

- buying and selling of real property or business entities;

- managing of client money, securities or other assets;

- opening or management of bank, savings or securities accounts;

- organization of contributions necessary for the creation, operation or management of companies;

-creation, operation or management of trusts, companies, foundations, or similar structures;

(c) trust or company service providers not already covered under point (a) or (b);

(d) estate agents including when acting as intermediaries in the letting of immovable property, but only in relation to transactions for which the monthly rent amounts to EUR 10 000 or more;

(e) other persons trading in goods to the extent that payments are made or received in cash in an amount of EUR 10 000 or more, whether the transaction is carried out in a single operation or in several operations which appear to be linked;

(f) providers of gambling services.

(g) providers engaged in exchange services between virtual currencies and fiat currencies (VCEP);

(h) custodian wallet providers (CWP);

(i) persons trading or acting as intermediaries in the trade of works of art, including when this is carried out by art galleries and auction houses, where the value of the transaction or a series of linked transactions amounts to EUR 10 000 or more;

(j) persons storing, trading or acting as intermediaries in the trade of works of art when this is carried out by free ports, where the value of the transaction or a series of linked transactions amounts to EUR 10 000 or more.

III. E-money

The anonymous issuance of e-money products for the use of remote payment transactions is prohibited where the amount paid exceeds EUR 50 per transaction. This applies, for example to prepaid credit cards and e-money products. In addition, acquirers are only allowed to process payments using e-money if the e-money was issued in a third country with a comparable level of anti-money laundering prevention. It is not always possible to find out whether one or the other payment instrument is an electronic money. Consequently this may result that payment cards of certain countries will no longer be accepted in the EU[1].Member States are also free to decide that no payments using by means of anonymous credit balances  will be accepted on their territory. But Member State may allow obliged entities not to apply certain customer due diligence measures with respect to electronic money, where all of the following risk-mitigating conditions are met:

-the payment instrument is not reloadable, or has a maximum monthly payment transactions limit of EUR 150 which can be used only in that Member State;

-the maximum amount stored electronically does not exceed EUR 150. Earlier this amount was EUR 250.

IV. Due diligence obligations regarding high-risk third countries

Obtaining the approval of senior management for establishing or continuing the business relationship as well as conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied have been also added. EU States may require obliged entities to ensure, where applicable, that the first payment be carried out through an account in the customer’s name with a credit institution subject to customer due diligence standards that are not less robust than those laid down in EU Directive 2015/849. On 7 May 2020, the European Commission adopted a new delegated regulation (EU) 2020/855 in relation to third countries which have strategic deficiencies in their AML/CFT regimes that pose significant threats to the financial system of the Union ('high-risk third countries').  This delegated regulation amends delegated Regulation (EU) 2016/1675. To ensure a robust, objective and transparent process the Commission has published a revised methodology for the identification of high-risk third countries (Methodology for identifying high-risk third countries under Directive (EU) 2015/849 ,7.5.2020 SWD (2020) 99 final). This methodology provides that the Commission will consider FATF lists as a starting point.

V. Authority of FIU regarding to information

The powers of financial intelligence units (FIUs) are extended. Interalia the fast access to information about holders of bank and payment accounts as well as safety deposit boxes is to be ensured through centralized registries and electronic data retrieval systems. These instruments will give the opportunity the identification of all national bank accounts of the person. No matter whether we speak about natural or legal one. The national registers of EU states on beneficial ownership information will be interconnected directly to facilitate cooperation and exchange of information.

VI. Regulatory technical standards

The Commission adopted Delegated Regulations in relation to the following regulatory technical standards:

- Commission delegated Regulation (EU) 2019/758 of 31 January 2019 supplementing Directive (EU) 2015/849 of the European Parliament and of the Council with regard to regulatory technical standards for the minimum action and the type of additional measures credit and financial institutions must take to mitigate money laundering and terrorist financing risk in certain third countries;

- Commission delegated Regulation (EU) 2018/1108 of 7 May 2018 supplementing Directive (EU) 2015/849 of the European Parliament and of the Council with regulatory technical standards on the criteria for the appointment of central contact points for electronic money issuers and payment service providers and with rules on their functions.

The first one regulates circumstances where a group operates branches or majority-owned subsidiaries in a third country whose law does not permit the implementation of group-wide anti-money laundering and countering the financing of terrorism policies and procedures. This can be the case, for example, where the third country's data protection or banking secrecy law limits the group's ability to access, process or exchange information related to customers of branches or majority-owned subsidiaries in the third country.

The second one lays down: criteria for determining the circumstances in which the appointment of a central contact point of issuers of electronic money and payment service providers, which are established in their territory in forms other than a branch and the head office of which is situated in another Member State, is appropriate and rules concerning the functions of such central contact points.

VII.  The potentially higher and lower-risk situations

If transactions are complex or unusually large as well as conducted in an unusual pattern or they do not have an apparent economic or lawful purpose, obliged entities shall examine, as far as reasonably possible, the background and purpose of such transactions. The factors of potentially higher-risk situations set out in Annex III of EU Directive 2015/849, when it comes to the factors of lower risk, - in Annex II. They consist of three group of: customer risk factors; product, service, transaction or delivery channel risk factors; geographical risk factors.

We are interested primarily in higher risk factors. They include the following factors:

• unusual circumstances of business relationship;
• residency in geographical areas of higher risk;
• legal persons or arrangements that are personal asset-holding vehicles;
• existence nominee shareholders or shares in bearer form;
• businesses that are cash-intensive;
• the ownership structure of the company appears unusual or excessively complex given the nature of the company's business;
• private banking;
• products or transactions that might favor anonymity;
• non-face-to-face business relationships or transactions, without certain safeguards, such as electronic signatures;
• payment received from unknown or unassociated third parties;
• new products and new business practices, including new delivery mechanism, and the use of new or developing technologies for both new and pre-existing products;
• countries which do not have effective anti-money laundering systems;
• countries with significant levels of corruption or other criminal activity;
• countries subject to sanctions, embargos or similar measures
• countries providing funding or support for terrorist activities.

These factors must be identified by credible sources.

Lower risk factors include in its turn:

- public companies listed on a stock exchange and subject to disclosure requirements (either by stock exchange rules or through law or enforceable means), which impose requirements to ensure adequate transparency of beneficial ownership;

- public administrations or enterprises;

- customers that are resident in geographical areas of lower risk as set out in point;

-life insurance policies for which the premium is low;

-insurance policies for pension schemes if there is no early surrender option and the policy cannot be used as collateral;

- a pension, superannuation or similar scheme that provides retirement benefits to employees, where contributions are made by way of deduction from wages, and the scheme rules do not permit the assignment of a member's interest under the scheme;

- financial products or services that provide appropriately defined and limited services to certain types of customers, so as to increase access for financial inclusion purposes;

-products where the risks of money laundering and terrorist financing are managed by other factors such as purse limits or transparency of ownership (e.g. certain types of electronic money);

-EU Member States;

- third countries having effective AML/CFT systems;

- third countries identified by credible sources as having a low level of corruption or other criminal activity;

-third countries which have requirements to combat money laundering and terrorist financing consistent with the revised FATF Recommendations and effectively implement those requirements.

It shall be identified by credible sources such as mutual evaluations, detailed assessment reports or published follow-up reports.

VIII. Switzerland

KYC in Switzerland is governed:

–        by Federal Act of 10 October 1997 on Combating Money Laundering and Terrorist Financing. It applies to financial intermediaries and to natural and legal persons who trade in goods commercially and take cash. It regulates both struggle against money laundering and due diligence in financial transactions.

–         by Executive order of the Swiss Financial Market Supervisory Authority of 3 June 2015 on the prevention of money laundering and terrorist financing in the financial sector (SR 955.033.0), -  GWG-Finna. It stipulates how financial intermediaries must implement their obligations to prevent money laundering and terrorist financing.

–        by Ordinance on Combating Money Laundering and the Financing of Terrorism (GwV), that regulates the requirements for professional activity as a financial intermediary as well as the due diligence and reporting obligations that traders must meet.

Under Swiss law the  financial intermediaries are: the banks; the asset managers and the trustees the trade auditors; the fund management companies; the investment companies with variable capital, the limited partnerships for collective capital investments and the investment companies with fixed capital as well as the managers of collective assets; the insurance institutions under the Insurance Supervision Act which operate direct life insurance or offer or sell shares in a collective investment scheme; the securities firms; the central counterparties and the central securities depositories; the payment systems; the casinos. Financial intermediaries are also persons who professionally accept or store third-party assets or help to invest or transfer them;

As well as in the European Union, the financial intermediaries must: determine the beneficial owner with the care required by the circumstances. If the contracting party is a listed company or a subsidiary controlled by such a company, it is possible to deviate from the identification of the beneficial owner. The financial intermediary must, among other things, obtain a written declaration from the contracting party about who the beneficial owner is, if the contracting party is not identical with the beneficial owner or if there are doubts about it. The financial intermediary is obliged to identify the type and purpose of the business relationship. The scope of the information to be obtained is based on the risk posed by the contracting party.

The financial intermediary must find out the background and purpose of a transaction or a business relationship if:

-the transaction or business relationship appears unusual, unless its legality is clear;

-there are indications that assets originate from a crime or a serious tax offense, are subject to the control of a criminal organization or serve to finance terrorism;

-the transaction or the business relationship is associated with an increased risk;

- the data of a contracting party, a beneficial owner or a person authorized to sign a transaction match the data forwarded to the financial intermediary by FINMA or by the Casino commission, or are very similar to this data.

Of course, a complete analysis of the KYC norms within the framework of an online publication is not possible, but I hope the readers have got at least a general idea of this topic and that they will be able to use them in their work.